
News Feed - 2023-09-11 10:09:19

Lido assures LDO, stETH tokens remain safe despite flaw in token contract

Brayden Lindrea

The “fake deposit” attack enables bad actors to execute a transfer where the requested value is larger than what the user actually owns.

Ethereum staking protocol Lido Finance has assured both Lido DAO (LDO) and staked-Ether (stETH) tokens remain safe despite hackers allegedly exploiting a known security flaw in LDO’s token contract.


Lido didn’t confirm any exploits, but acknowledged the security flaw was known and reassured LDO and stETH funds remain safe in response to a Sept. 10 post by blockchain security firm SlowMist.


SlowMist said LDO’s flawed token contract allows bad actors to facilitate “fake deposit” attacks on exchanges because LDO’s token contract enables users to execute transactions even where they don’t have sufficient funds. This code deviates from the Ethereum Request for Comment 20 (ERC-20) token standard, according to SlowMist.


However, Lido Finance argued the flaw is built into all ERC-20 tokens — not just Lido’s LDO token:

“This behaviour is expected and conforms to the ERC20 token standard (see tweet below). Both LDO and stETH (and Lido governance) remain safe.

Lido token integration guides will be updated with LDO specifics to make this more visible shortly.”
— Lido (@LidoFinance) September 10, 2023


SlowMist said the “fake deposit” attacks came from LDO’s token contract executing transfers where the value is larger than what the user actually owns, triggering a false return as opposed to reverting the transaction. While the firm said Lido’s token contract has recently been exploited via this attack, no on-chain evidence was provided.


Cointelegraph reached out to SlowMist for comment but did not receive an immediate response.


Meanwhile, on-chain analyst “Hercules” explained on Sept. 10 that the security flaw may not be picked up by cryptocurrency exchanges.


SlowMist recommends that LDO holders also check the return values of the token contract transfers in addition to the success or failure of a transaction.
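The difference between crediting a deposit on transaction success alone and also checking the transfer's return value, as an added Python example that is not from the article, Lido or SlowMist. The token model, the account names and the credit_naive/credit_checked functions are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class ReturnFalseToken:
    """Toy model of a token whose transfer() returns False instead of reverting."""
    balances: dict = field(default_factory=dict)

    def transfer(self, sender, to, value):
        if self.balances.get(sender, 0) < value:
            return False  # no revert: the surrounding transaction still succeeds
        self.balances[sender] -= value
        self.balances[to] = self.balances.get(to, 0) + value
        return True

@dataclass
class TxResult:
    succeeded: bool  # transaction-level status (did not revert)
    returned: bool   # value returned by transfer()
    to: str
    value: int       # amount requested in the call

def send(token, sender, to, value):
    """Run a transfer 'transaction', recording both status and return value."""
    returned = token.transfer(sender, to, value)
    return TxResult(succeeded=True, returned=returned, to=to, value=value)

def credit_naive(tx, ledger):
    """Flawed integration: credits the requested amount on tx success alone."""
    if tx.succeeded:
        ledger[tx.to] = ledger.get(tx.to, 0) + tx.value
        return True
    return False

def credit_checked(tx, token, balance_before, ledger):
    """Credits only if the tx succeeded, transfer() returned True, and the
    recipient's token balance actually rose by the requested amount."""
    delta = token.balances.get(tx.to, 0) - balance_before
    if tx.succeeded and tx.returned and delta == tx.value:
        ledger[tx.to] = ledger.get(tx.to, 0) + tx.value
        return True
    return False

def demo(owned, requested):
    """Constructed scenario: 'alice' owns `owned` and requests `requested`."""
    token = ReturnFalseToken({"alice": owned})
    before = token.balances.get("exchange", 0)
    tx = send(token, "alice", "exchange", requested)
    naive, checked = {}, {}
    return (credit_naive(tx, naive), naive,
            credit_checked(tx, token, before, checked), checked)
```

demo(10, 1000) models a transfer request larger than the sender's balance; demo(10, 5) models a legitimate deposit.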


The blockchain security firm concluded that token contract implementations and behaviors vary by project and advised conducting comprehensive testing before integrating any new tokens.




However, Lido highlighted in the official Ethereum Improvement Proposal document — co-authored by Vitalik Buterin in November 2015 — that both the “transfer” and “transferFrom” functions must return the transfer status and are only recommended to revert a transaction in exceptional cases.

“ERC20 token standard: https://t.co/YlrS1ZN6Fd

1) Both transfer and transferFrom are required to return transfer status and are only recommended to revert a tx in exceptional cases.

2) The standard says that a caller is obliged to check the return status (see 'Token methods'). pic.twitter.com/6KTcIyxo2F”
— Lido (@LidoFinance) September 10, 2023


To resolve the security flaw, Lido confirmed that the LDO token integration guides will soon be updated.

